US10204231B2 - Method for providing an authenticated connection between at least two communication partners - Google Patents

Publication number
US10204231B2
Authority
US
United States
Legal status
Active
Application number
US15/660,164
Other versions
US20180032743A1 (en
Inventor
Timo WINKELVOS
Alexander TSCHACHE
Martin Wuschke
Current Assignee
Volkswagen AG
Original Assignee
Volkswagen AG
Application filed by Volkswagen AG
Assigned to VOLKSWAGEN AG: assignment of assignors interest (see document for details). Assignors: Winkelvos, Timo; Wuschke, Martin; Tschache, Alexander
Publication of US20180032743A1
Priority to US16/257,505 (US10762222B2)
Application granted
Publication of US10204231B2
Priority to US16/916,247 (US10936737B2)

Classifications

    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04W12/06 Authentication
    • H04W12/50 Secure pairing of devices
    • H04W4/48 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for in-vehicle communication
    • H04W76/10 Connection setup
    • H04L9/3218 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs

Definitions

  • Illustrative embodiments relate to a method for providing an authenticated connection between at least two communication partners and to a communication system.
  • FIG. 1 shows an exemplary embodiment of the communication system in a schematic illustration.
  • FIG. 2 shows an exemplary embodiment of the method in a schematic flow diagram.
  • Modern vehicles have infotainment systems which can be coupled to smartphones.
  • an infotainment system can access media contents, for example, which are stored on the coupled smartphone, to reproduce them in the vehicle.
  • a signal-conducting connection between the vehicle-internal infotainment system and the smartphone can be used to carry out a user identification or to provide application-related user data for the infotainment system.
  • the signal-conducting connection should be equipped with suitable protection.
  • Known solutions are based on the protection of the entire communication connection between the communication partners, such that all applications are dependent on the security of this communication connection.
  • the document DE 10 2005 023 544 A1 proposes a communication system comprising a vehicle operating unit, a vehicle output unit, an interface computer and a mobile terminal, wherein the interface computer has access protection so the mobile terminal can only access authorized vehicle functions.
  • the document DE 10 2014 225 808 A1 discloses a BLUETOOTH® connection method in which a mobile terminal and an infotainment system of a vehicle are connected.
  • a controller arranged in the infotainment system implements an application on the mobile terminal.
  • the information required for the coupling is transmitted to the application by the controller and stored in an NFC (Near Field Communication) Tag by the application.
  • the document DE 10 2013 201 624 A1 additionally discloses a method for transmitting data from a mobile terminal to a function of a vehicle, in which an operating element is displayed on a touch-sensitive display of the mobile terminal.
  • the operating element comprises an indication that points in the direction in which a reproduction device of the vehicle is situated.
  • the data transmission between the mobile terminal and the reproduction device is activated by the user's swiping in the displayed direction.
  • the security of the connection between an infotainment system and a mobile terminal is based on the security of the communication connection.
  • Upon a connection set-up, only the mobile terminal is identified and, after authentication has been effected, the communication connection between the infotainment system and the mobile terminal is enabled for all applications.
  • Disclosed embodiments enable a coupling of at least two communication partners which is effected at the application level and is thus independent of the protection of the communication connection between the communication partners.
  • a server application is implemented on a first communication partner of the at least two communication partners and a first user application is implemented on a second communication partner of the at least two communication partners.
  • an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner is carried out.
  • In the disclosed method, an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner is produced to protect the end-to-end communication between the communication partners.
  • the security or the protection of the communication path, that is to say of the communication channel between the communication partners, is thus insignificant.
  • an application-specific rights configuration can additionally be effected, such that different rights can be allocated for different user applications.
  • a second user application can be implemented on the second communication partner, such that a further application-related pairing between the server application on the first communication partner and the second user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the second user application on the second communication partner can be carried out.
  • As many user applications as desired can be implemented on the second communication partner, such that an application-related pairing between the server application on the first communication partner and the respective user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the respective user application on the second communication partner can respectively be carried out. Consequently, a plurality or all of the application-related communication connections can be decoupled from the security or the protection of the communication channel used and can be configured in an application-specific manner.
  • first application-related access data can be exchanged between the first user application on the second communication partner and the server application on the first communication partner via the application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner.
  • second application-related access data can be exchanged between the second user application on the second communication partner and the server application on the first communication partner via the application-restricted authenticated connection between the first communication partner and the second user application on the second communication partner.
  • application-related access data for a plurality or all of the user applications can be exchanged between the respective user application on the second communication partner and the server application on the first communication partner via the application-restricted authenticated connection between the first communication partner and the respective user application on the second communication partner.
  • Exchanging application-related access data between a user application on the second communication partner and the server application on the first communication partner can be effected only upon the initial connection set-up between the respective user application on the second communication partner and the first communication partner.
  • all access data which provide authorization for complete utilization of the user application may be exchanged between the server application on the first communication partner and the user application on the second communication partner. Consequently, upon a renewed connection set-up, the exchange of access data between the server application and the user application can be dispensed with. This leads to an acceleration of device coupling and to an increase in the coupling convenience.
  • the application-related access data exchanged between a user application on the second communication partner and the server application on the first communication partner can be stored on a memory of the first communication partner.
  • By storing the access data, the data associated with a specific user application are permanently available to the first communication partner and can be retrieved and used as necessary, namely upon a renewed connection set-up.
  • the second communication partner can be identified by the server application on the first communication partner.
  • the user application implemented on the second communication partner can be identified by the server application on the first communication partner.
  • the server application on the first communication partner can check whether an application-related pairing between the server application on the first communication partner and the user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the user application on the second communication partner has already taken place. If an application-related pairing between the server application on the first communication partner and the user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the user application on the second communication partner has already taken place, the stored application-related access data can be retrieved from the memory of the first communication partner.
  • the operations designated can be performed automatically and without the need for user action.
  • the coupling process after the initial connection set-up between a user application on the second communication partner and the first communication partner is accelerated in this way. Since no user actions are necessary, the coupling convenience is additionally increased.
  • the respective access data can comprise an application-related user name, an application-related password and/or a certificate.
  • the application-related user name and/or the application-related password can comprise a sequence of letters and/or numbers.
  • the certificate can be a certificate generated and/or issued by the user, a vehicle manufacturer or a certification body.
  • a further authentication stage can be integrated into the method.
  • the exchanged certificate is available to both communication partners, such that an additional authentication can be effected by a certificate matching.
  • application-related pairing information can be displayed on the first communication partner and/or application-related pairing information can be displayed on the second communication partner.
  • carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner can comprise confirming the application-related pairing information on the first communication partner by a user and/or confirming the application-related pairing information on the second communication partner by a user.
  • Because pairing information must be displayed and confirmed by a user, a user action is necessary.
  • the authentication of the connection between the at least two communication partners can be influenced by the user action. This leads to increased security and to generation of trust of the user in the security of the connection between the at least two communication partners.
  • the first communication partner can be embodied as a vehicle-internal device.
  • the vehicle-internal device may be embodied as an infotainment system of the vehicle.
  • the second communication partner can be embodied as a mobile terminal.
  • the mobile terminal may be embodied as a smartphone.
  • the user applications can comprise applications for reproducing media contents, such as audio contents or video contents.
  • the user applications can be navigation services or applications of various social networks.
  • the user applications can also relate to other mobile online services.
  • the disclosed communication system comprises at least two communication partners wherein a server application is installed on a first communication partner of the at least two communication partners and a first user application is installed on a second communication partner of the at least two communication partners.
  • the communication system is configured to the effect that an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner is carried out if the server application is implemented on the first communication partner and the first user application is implemented on the second communication partner.
  • the production of an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner allows the end-to-end communication between the communication partners to be protected.
  • the security or the protection of the communication path, that is to say of the communication channel between the communication partners, is thus insignificant.
  • an application-specific rights configuration can additionally be effected, such that different rights can be allocated for different user applications.
  • a second user application can be installed on the second communication partner of the communication system, wherein the communication system is configured to the effect that an application-related pairing between the server application on the first communication partner and the second user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the second user application on the second communication partner can be carried out if the server application is implemented on the first communication partner and the second user application is implemented on the second communication partner.
  • the communication system is configured to the effect that an application-related pairing between the server application on the first communication partner and the respective user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the respective user application on the second communication partner can respectively be carried out if the server application is implemented on the first communication partner and the respective user application is implemented on the second communication partner. Consequently, a plurality or all of the application-related communication connections of the communication system can be decoupled from the security or the protection of the communication channel used and can be configured in an application-specific manner.
  • the communication system can be configured to exchange application-related access data between a user application on the second communication partner and the server application on the first communication partner via the application-restricted authenticated connection between the first communication partner and the respective user application on the second communication partner, wherein exchanging application-related access data between a user application on the second communication partner and the server application on the first communication partner may be effected only upon the initial connection set-up between the respective user application on the second communication partner and the first communication partner.
  • the communication system can be configured, after the initial connection set-up, to exchange all access data which provide authorization for complete utilization of the user application between the server application on the first communication partner and the user application on the second communication partner. Consequently, upon a renewed connection set-up, the exchange of access data between the server application and the user application can be dispensed with. This leads to an acceleration of device coupling and to an increase in the coupling convenience.
  • the first communication partner can comprise a memory, wherein the first communication partner can be configured to store the application-related access data exchanged between a user application on the second communication partner and the server application on the first communication partner on the memory. By storing the access data, the data associated with a specific user application are permanently available to the first communication partner and can be retrieved and used as necessary, namely upon a renewed connection set-up.
  • the first communication partner can be configured to identify the second communication partner and/or the user application implemented on the second communication partner by the server application and to check whether an application-related pairing between the server application on the first communication partner and a user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the user application on the second communication partner has already taken place.
  • the first communication partner can be configured to retrieve stored application-related access data from the memory of the first communication partner if an application-related pairing between the server application on the first communication partner and a user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the user application on the second communication partner has taken place.
  • the communication system can be configured to perform the designated identifying, checking and retrieving automatically and without the need for user action. In this way, the communication system makes it possible that the coupling process after the initial connection set-up between a user application on the second communication partner and the first communication partner can be accelerated. Since no user actions are necessary, the coupling convenience is additionally increased.
  • the respective access data can comprise an application-related user name, an application-related password and/or a certificate.
  • the first communication partner and the second communication partner can be configured to manage application-related user names and/or application-related passwords which comprise a sequence of letters and/or numbers.
  • the certificate can be a certificate generated and/or issued by the user, a vehicle manufacturer or a certification body.
  • a further authentication stage can be integrated into the communication system.
  • the exchanged certificate is available to both communication partners, such that the additional authentication can be effected by means of a certificate matching.
  • the first communication partner and/or the second communication partner can be configured to display application-related pairing information to a user.
  • the first communication partner and/or the second communication partner can have in each case a display device.
  • the display device can be embodied as a display or as a touchscreen.
  • the first communication partner and/or the second communication partner can have in each case an actuation device that allows a user to confirm application-related pairing information on the first communication partner and/or the second communication partner.
  • the actuation device can comprise one or a plurality of actuation elements, such as, for example, keys or pushbuttons, or a touchscreen.
  • the first communication partner can be embodied as a vehicle-internal device.
  • the vehicle-internal device may be embodied as an infotainment system of the vehicle.
  • the second communication partner can be embodied as a mobile terminal.
  • the mobile terminal may be embodied as a smartphone.
  • the user applications can comprise applications for reproducing media contents, such as audio contents or video contents.
  • the user applications can be navigation services or applications of various social networks.
  • the user applications can also relate to other mobile online services.
  • the communication system can additionally be configured to perform the method for providing an authenticated connection between at least two communication partners according to at least one of the embodiments described above.
  • the same benefits and modifications as described above are applicable.
  • FIG. 1 shows a communication system 10 comprising two communication partners 12, 14.
  • the first communication partner 12 is embodied as a vehicle-internal device of the vehicle 34, wherein the vehicle-internal device is an infotainment system.
  • the second communication partner 14 is embodied as a mobile terminal, wherein the mobile terminal is embodied as a smartphone.
  • the first communication partner 12 comprises a computing unit 18, a communication module 20, a display device 22 and an actuation device 24.
  • the communication module 20, the display device 22 and the actuation device 24 are connected to the computing unit 18 in a signal-conducting manner.
  • the communication module 20 is configured to communicate with other communication partners wirelessly, for example, by BLUETOOTH®.
  • the display device 22 is embodied as a display and integrated into the dashboard of the vehicle 34 .
  • the actuation device 24 comprises a plurality of pressure-sensitive input elements and is integrated into the center console of the vehicle 34 .
  • the second communication partner 14 likewise comprises a computing unit 26 , a communication module 28 , a display device 30 and an actuation device 32 .
  • the communication module 28 , the display device 30 and the actuation device 24 are connected to the computing unit 26 in a signal-conducting manner.
  • the communication module 28 is configured to communicate with other communication partners wirelessly, for example, by BLUETOOTH®.
  • the display device 30 is embodied as a touchscreen.
  • the actuation device 32 is embodied as a pushbutton.
  • a server application is installed on the first communication partner 12 and a plurality of user applications are installed on the second communication partner 14 .
  • the communication system 10 is configured to the effect that an application-related pairing between the server application on the first communication partner 12 and the respective user applications on the second communication partner 14 for producing an application-restricted authenticated connection 16 between the first communication partner 12 and the respective user applications on the second communication partner 14 is carried out if the server application is implemented on the first communication partner 12 and the respective user applications are implemented on the second communication partner 14 .
  • the communication system 10 is furthermore configured to exchange application-related access data between a user application on the second communication partner 14 and the server application on the first communication partner 12 via the application-restricted authenticated connection 16 between the first communication partner 12 and the respective user application on the second communication partner 14 .
  • exchanging application-related access data between a user application on the second communication partner 14 and the server application on the first communication partner 12 is effected only on the initial connection set-up between the respective user application on the second communication partner 14 and the first communication partner 12 .
  • FIG. 2 shows a method for providing an authenticated connection 16 between two communication partners 12 , 14 , which method begins with the following operations:
  • the first user application is a music reproduction application.
  • the first communication partner 12 is embodied as a vehicle-internal device and the second communication partner 14 is embodied as a mobile terminal. So a secure communication between the first communication partner 12 and the second communication partner 14 can be effected, the following operation is performed:
  • the first access data comprise an application-related user name and an application-related password. Exchanging the application-related access data between the first user application on the second communication partner 14 and the server application on the first communication partner 12 is effected only upon the initial connection set-up between the first user application on the second communication partner 14 and the first communication partner 12 . So this data exchange can be dispensed with upon the set-up of subsequent connections, the following operation is carried out:
  • a second user application with which the user has access to an online social network, is likewise implemented on the second communication partner 14 . To that end, the following operation is performed:
  • the second access data likewise comprise an application-related user name and an application-related password. Exchanging the application-related access data between the second user application on the second communication partner 14 and the server application on the first communication partner 12 is likewise effected only upon the initial connection set-up between the second user application on the second communication partner 14 and the first communication partner 12 . So this data exchange can be dispensed with upon the set-up of subsequent connections, the following operation is carried out:
  • the disclosed embodiments allow a coupling at the application level, such that the application-limited communication is independent of the protection of the communication channel between the communication partners.

Abstract

A method for providing an authenticated connection between at least two communication partners including implementing a server application on a first communication partner of the at least two communication partners, implementing a first user application on a second communication partner of the at least two communication partners, and carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner. The method enables a coupling of at least two communication partners which is effected at the application level and is independent of the protection of the communication connection between the communication partners.

Description

PRIORITY CLAIM
This patent application claims priority to German Patent Application No. 10 2016 213 701.8, filed 26 Jul. 2016, the disclosure of which is incorporated herein by reference in its entirety.
SUMMARY
Illustrative embodiments relate to a method for providing an authenticated connection between at least two communication partners and to a communication system.
BRIEF DESCRIPTION OF THE DRAWINGS
The disclosed embodiments are explained below with reference to the associated drawings, in which:
FIG. 1 shows an exemplary embodiment of the communication system in a schematic illustration; and
FIG. 2 shows an exemplary embodiment of the method in a schematic flow diagram.
DETAILED DESCRIPTION
Modern vehicles have infotainment systems which can be coupled to smartphones. By virtue of the coupling, an infotainment system can access media contents, for example, which are stored on the coupled smartphone, to reproduce them in the vehicle.
Moreover, a signal-conducting connection between the vehicle-internal infotainment system and the smartphone can be used to carry out a user identification or to provide application-related user data for the infotainment system.
Since personal data and application-related access data are usually also communicated between the infotainment system and the smartphone, the signal-conducting connection should be equipped with suitable protection. Known solutions are based on the protection of the entire communication connection between the communication partners, such that all applications are dependent on the security of this communication connection.
The document DE 10 2005 023 544 A1 proposes a communication system comprising a vehicle operating unit, a vehicle output unit, an interface computer and a mobile terminal, wherein the interface computer has access protection so the mobile terminal can only access authorized vehicle functions.
To increase the coupling convenience, the document DE 10 2014 225 808 A1 discloses a BLUETOOTH® connection method in which a mobile terminal and an infotainment system of a vehicle are connected. To establish a BLUETOOTH® coupling, a controller arranged in the infotainment system implements an application on the mobile terminal. The information required for the coupling is transmitted to the application by the controller and stored in an NFC (Near Field Communication) Tag by the application.
The document DE 10 2013 201 624 A1 additionally discloses a method for transmitting data from a mobile terminal to a function of a vehicle, in which an operating element is displayed on a touch-sensitive display of the mobile terminal. The operating element comprises an indication that points in the direction in which a reproduction device of the vehicle is situated. The data transmission between the mobile terminal and the reproduction device is activated by the user's swiping in the displayed direction.
In the known solutions, the security of the connection between an infotainment system and a mobile terminal is based on the security of the communication connection. During a connection set-up, only the mobile terminal is identified and, after authentication has been effected, the communication connection between the infotainment system and the mobile terminal is enabled for all applications.
Disclosed embodiments enable a coupling of at least two communication partners which is effected at the application level and is thus independent of the protection of the communication connection between the communication partners.
In the disclosed method for providing an authenticated connection between at least two communication partners, a server application is implemented on a first communication partner of the at least two communication partners and a first user application is implemented on a second communication partner of the at least two communication partners. Moreover, an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner is carried out.
In the disclosed method, an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner is produced to protect the end-to-end communication between the communication partners. The security or the protection of the communication path, that is to say of the communication channel between the communication partners, is thus insignificant. By means of the application-restricted authentication of the connection, an application-specific rights configuration can additionally be effected, such that different rights can be allocated for different user applications.
A second user application can be implemented on the second communication partner, such that a further application-related pairing between the server application on the first communication partner and the second user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the second user application on the second communication partner can be carried out. As many user applications as desired can be implemented on the second communication partner, such that an application-related pairing between the server application on the first communication partner and the respective user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the respective user application on the second communication partner can respectively be carried out. Consequently, a plurality or all of the application-related communication connections can be decoupled from the security or the protection of the communication channel used and can be configured in an application-specific manner.
Moreover, first application-related access data can be exchanged between the first user application on the second communication partner and the server application on the first communication partner via the application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner. Alternatively or additionally, second application-related access data can be exchanged between the second user application on the second communication partner and the server application on the first communication partner via the application-restricted authenticated connection between the first communication partner and the second user application on the second communication partner. Furthermore, application-related access data for a plurality or all of the user applications can be exchanged between the respective user application on the second communication partner and the server application on the first communication partner via the application-restricted authenticated connection between the first communication partner and the respective user application on the second communication partner. By exchanging access data, the manual input of access data is partly or completely eliminated and the coupling convenience is thus increased further.
Exchanging application-related access data between a user application on the second communication partner and the server application on the first communication partner can be effected only upon the initial connection set-up between the respective user application on the second communication partner and the first communication partner. After the initial connection set-up, all access data which provide authorization for complete utilization of the user application may be exchanged between the server application on the first communication partner and the user application on the second communication partner. Consequently, upon a renewed connection set-up, the exchange of access data between the server application and the user application can be dispensed with. This leads to an acceleration of device coupling and to an increase in the coupling convenience.
The application-related access data exchanged between a user application on the second communication partner and the server application on the first communication partner can be stored on a memory of the first communication partner. By storing the access data, the data associated with a specific user application are permanently available to the first communication partner and can be retrieved and used as necessary, namely upon a renewed connection set-up.
The second communication partner can be identified by the server application on the first communication partner. Alternatively or additionally, the user application implemented on the second communication partner can be identified by the server application on the first communication partner. The server application on the first communication partner can check whether an application-related pairing between the server application on the first communication partner and the user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the user application on the second communication partner has already taken place. If an application-related pairing between the server application on the first communication partner and the user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the user application on the second communication partner has already taken place, the stored application-related access data can be retrieved from the memory of the first communication partner. The designated operations can be performed automatically and without the need for user action. The coupling process after the initial connection set-up between a user application on the second communication partner and the first communication partner is accelerated in this way. Since no user actions are necessary, the coupling convenience is additionally increased.
The respective access data can comprise an application-related user name, an application-related password and/or a certificate. The application-related user name and/or the application-related password can comprise a sequence of letters and/or numbers. The certificate can be a certificate generated and/or issued by the user, a vehicle manufacturer or a certification body. By virtue of the certificate exchange, a further authentication stage can be integrated into the method. By way of example, the exchanged certificate is available to both communication partners, such that an additional authentication can be effected by a certificate matching.
When carrying out the application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner, application-related pairing information can be displayed on the first communication partner and/or application-related pairing information can be displayed on the second communication partner. Alternatively or additionally, carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner can comprise confirming the application-related pairing information on the first communication partner by a user and/or confirming the application-related pairing information on the second communication partner by a user. By virtue of the fact that pairing information must be displayed and confirmed by a user, a user action is necessary. The authentication of the connection between the at least two communication partners can be influenced by the user action. This leads to increased security and to generation of trust of the user in the security of the connection between the at least two communication partners.
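The bookkeeping described in the preceding paragraphs (a per-application pairing confirmed by the user, access data exchanged once and stored, stored data retrieved on a renewed connection set-up, application-specific rights) is sketched below as an added Python example that is not part of the patent. The patent specifies no cryptographic mechanism: the per-application key, the six-digit code, the challenge nonce, the HMAC-based sealing and every name used (`ServerApplication`, `pair`, `handle`, `request`, the action strings, the identifiers) are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass
from typing import Optional

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def pairing_code(key, device_id, app_id):
    """Six-digit application-related pairing information shown on both displays."""
    digest = _prf(key, json.dumps(["pair", device_id, app_id]).encode())
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

def _xor_stream(key, nonce, data):
    # Assumption: HMAC-SHA256 in counter mode stands in for an AEAD cipher, which
    # the standard library lacks; production code would use AES-GCM or similar.
    blocks = (_prf(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def _mac(key, nonce, header, ct):
    return _prf(_prf(key, b"mac"), nonce + len(header).to_bytes(2, "big") + header + ct)

def seal(key, nonce, header, plaintext):
    """Encrypt-then-MAC under one application's key; the header is authenticated only."""
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return ct + _mac(key, nonce, header, ct)

def unseal(key, nonce, header, blob):
    ct, mac = blob[:-32], blob[-32:]
    if not hmac.compare_digest(mac, _mac(key, nonce, header, ct)):
        return None  # wrong key, wrong application or tampered message
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

@dataclass
class PairingRecord:
    key: bytes                          # per-application key from the pairing step
    rights: frozenset                   # application-specific rights configuration
    access_data: Optional[dict] = None  # stored once, on the initial connection set-up

class ServerApplication:
    """Hypothetical model of the server application on the first communication partner."""
    def __init__(self):
        self._memory = {}         # (device_id, app_id) -> PairingRecord
        self._challenges = set()  # outstanding one-time nonces

    def pair(self, device_id, app_id, key, code_on_phone, user_confirmed, rights):
        """Store a pairing only if the user confirmed matching pairing information."""
        code_on_vehicle = pairing_code(key, device_id, app_id)
        if not (user_confirmed and hmac.compare_digest(code_on_vehicle, code_on_phone)):
            return False
        self._memory[(device_id, app_id)] = PairingRecord(key, frozenset(rights))
        return True

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._challenges.add(nonce)
        return nonce

    def handle(self, device_id, app_id, action, nonce, blob):
        """Authenticate one request at application level; the transport is not trusted."""
        if nonce not in self._challenges:
            return ("rejected", "unknown or replayed challenge")
        self._challenges.discard(nonce)
        record = self._memory.get((device_id, app_id))
        if record is None:
            return ("pairing-required", None)
        header = json.dumps([device_id, app_id, action]).encode()
        payload = unseal(record.key, nonce, header, blob)
        if payload is None:
            return ("rejected", "authentication failed")
        if action == "connect":  # renewed set-up: stored data is retrieved locally
            return ("ok", record.access_data)
        if action == "store-access-data":
            if record.access_data is not None:
                return ("rejected", "access data already stored")
            record.access_data = json.loads(payload)
            return ("ok", None)
        if action not in record.rights:
            return ("forbidden", action)
        return ("ok", action)

def request(server, key, device_id, app_id, action, payload=b""):
    """One challenge-response round as sent by a user application on the phone."""
    nonce = server.challenge()
    header = json.dumps([device_id, app_id, action]).encode()
    return server.handle(device_id, app_id, action, nonce, seal(key, nonce, header, payload))

def demo():
    server, phone = ServerApplication(), "phone-01"  # constructed identifiers
    # Assumption: random keys stand in for a key agreement between the two applications.
    keys = {"music": secrets.token_bytes(32), "social": secrets.token_bytes(32)}
    for app, right in (("music", "media.play"), ("social", "social.read")):
        server.pair(phone, app, keys[app], pairing_code(keys[app], phone, app), True, {right})
    creds = json.dumps({"user": "alice", "password": "constructed"}).encode()
    steps = [("music", "connect", b""), ("music", "store-access-data", creds),
             ("music", "connect", b""), ("social", "connect", b""), ("music", "social.read", b"")]
    return [request(server, keys["music"], phone, app, act, data) for app, act, data in steps]
```

`demo()` seals every request with the music application's key, so the request addressed to the social-network application fails authentication and the music application's attempt to use a right it was not granted is refused, even though both applications run on the same paired phone.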
In the method, the first communication partner can be embodied as a vehicle-internal device. The vehicle-internal device may be embodied as an infotainment system of the vehicle. Alternatively or additionally, in the method, the second communication partner can be embodied as a mobile terminal. The mobile terminal may be embodied as a smartphone. The user applications can comprise applications for reproducing media contents, such as audio contents or video contents. Alternatively or additionally, the user applications can be navigation services or applications of various social networks. The user applications can also relate to other mobile online services.
The disclosed communication system comprises at least two communication partners wherein a server application is installed on a first communication partner of the at least two communication partners and a first user application is installed on a second communication partner of the at least two communication partners. The communication system is configured to the effect that an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner is carried out if the server application is implemented on the first communication partner and the first user application is implemented on the second communication partner.
In the disclosed communication system, the production of an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner allows the end-to-end communication between the communication partners to be protected. The security or the protection of the communication path, that is to say of the communication channel between the communication partners, is thus insignificant. By virtue of the fact that the communication system allows an application-restricted authentication of the connection, an application-specific rights configuration can additionally be effected, such that different rights can be allocated for different user applications.
A second user application can be installed on the second communication partner of the communication system, wherein the communication system is configured to the effect that an application-related pairing between the server application on the first communication partner and the second user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the second user application on the second communication partner can be carried out if the server application is implemented on the first communication partner and the second user application is implemented on the second communication partner. As many user applications as desired may be installed on the second communication partner of the communication system, wherein the communication system is configured to the effect that an application-related pairing between the server application on the first communication partner and the respective user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the respective user application on the second communication partner can respectively be carried out if the server application is implemented on the first communication partner and the respective user application is implemented on the second communication partner. Consequently, a plurality or all of the application-related communication connections of the communication system can be decoupled from the security or the protection of the communication channel used and can be configured in an application-specific manner.
The communication system can be configured to exchange application-related access data between a user application on the second communication partner and the server application on the first communication partner via the application-restricted authenticated connection between the first communication partner and the respective user application on the second communication partner, wherein exchanging application-related access data between a user application on the second communication partner and the server application on the first communication partner may be effected only upon the initial connection set-up between the respective user application on the second communication partner and the first communication partner. By exchanging access data, the manual input of access data is partly or completely eliminated and the coupling convenience is thus increased further. The communication system can be configured, after the initial connection set-up, to exchange all access data which provide authorization for complete utilization of the user application between the server application on the first communication partner and the user application on the second communication partner. Consequently, upon a renewed connection set-up, the exchange of access data between the server application and the user application can be dispensed with. This leads to an acceleration of device coupling and to an increase in the coupling convenience.
The first communication partner can comprise a memory, wherein the first communication partner can be configured to store the application-related access data exchanged between a user application on the second communication partner and the server application on the first communication partner on the memory. By storing the access data, the data associated with a specific user application are permanently available to the first communication partner and can be retrieved and used as necessary, namely upon a renewed connection set-up. The first communication partner can be configured to identify the second communication partner and/or the user application implemented on the second communication partner by the server application and to check whether an application-related pairing between the server application on the first communication partner and a user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the user application on the second communication partner has already taken place. The first communication partner can be configured to retrieve stored application-related access data from the memory of the first communication partner if an application-related pairing between the server application on the first communication partner and a user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the user application on the second communication partner has taken place. The communication system can be configured to perform the designated identifying, checking and retrieving automatically and without the need for user action. In this way, the communication system makes it possible that the coupling process after the initial connection set-up between a user application on the second communication partner and the first communication partner can be accelerated. 
Since no user actions are necessary, the coupling convenience is additionally increased.
The respective access data can comprise an application-related user name, an application-related password and/or a certificate. The first communication partner and the second communication partner can be configured to manage application-related user names and/or application-related passwords which comprise a sequence of letters and/or numbers. The certificate can be a certificate generated and/or issued by the user, a vehicle manufacturer or a certification body. By virtue of the certificate exchange, a further authentication stage can be integrated into the communication system. By way of example, the exchanged certificate is available to both communication partners, such that the additional authentication can be effected by means of a certificate matching.
The first communication partner and/or the second communication partner can be configured to display application-related pairing information to a user. For this purpose, the first communication partner and/or the second communication partner can have in each case a display device. The display device can be embodied as a display or as a touchscreen. The first communication partner and/or the second communication partner can have in each case an actuation device that allows a user to confirm application-related pairing information on the first communication partner and/or the second communication partner. The actuation device can comprise one or a plurality of actuation elements, such as, for example, keys or pushbuttons, or a touchscreen. By virtue of the fact that, in the communication system, pairing information must be displayed and confirmed by a user, a user action is necessary. The authentication of the connection between the at least two communication partners can be influenced by the user action. This leads to increased security.
The first communication partner can be embodied as a vehicle-internal device. The vehicle-internal device may be embodied as an infotainment system of the vehicle. Alternatively or additionally, the second communication partner can be embodied as a mobile terminal. The mobile terminal may be embodied as a smartphone. The user applications can comprise applications for reproducing media contents, such as audio contents or video contents. Alternatively or additionally, the user applications can be navigation services or applications of various social networks. The user applications can also relate to other mobile online services.
The communication system can additionally be configured to perform the method for providing an authenticated connection between at least two communication partners according to at least one of the embodiments described above. The same benefits and modifications as described above are applicable.
The various embodiments mentioned in this application, unless explained otherwise in an individual case, can be combined with one another.
FIG. 1 shows a communication system 10 comprising two communication partners 12, 14. The first communication partner 12 is embodied as a vehicle-internal device of the vehicle 34, wherein the vehicle-internal device is an infotainment system. The second communication partner 14 is embodied as a mobile terminal, wherein the mobile terminal is embodied as a smartphone.
The first communication partner 12 comprises a computing unit 18, a communication module 20, a display device 22 and an actuation device 24. The communication module 20, the display device 22 and the actuation device 24 are connected to the computing unit 18 in a signal-conducting manner. The communication module 20 is configured to communicate with other communication partners wirelessly, for example, by BLUETOOTH®. The display device 22 is embodied as a display and integrated into the dashboard of the vehicle 34. The actuation device 24 comprises a plurality of pressure-sensitive input elements and is integrated into the center console of the vehicle 34.
The second communication partner 14 likewise comprises a computing unit 26, a communication module 28, a display device 30 and an actuation device 32. The communication module 28, the display device 30 and the actuation device 24 are connected to the computing unit 26 in a signal-conducting manner. The communication module 28 is configured to communicate with other communication partners wirelessly, for example, by BLUETOOTH®. The display device 30 is embodied as a touchscreen. The actuation device 32 is embodied as a pushbutton.
A server application is installed on the first communication partner 12 and a plurality of user applications are installed on the second communication partner 14. The communication system 10 is configured to the effect that an application-related pairing between the server application on the first communication partner 12 and the respective user applications on the second communication partner 14 for producing an application-restricted authenticated connection 16 between the first communication partner 12 and the respective user applications on the second communication partner 14 is carried out if the server application is implemented on the first communication partner 12 and the respective user applications are implemented on the second communication partner 14.
The communication system 10 is furthermore configured to exchange application-related access data between a user application on the second communication partner 14 and the server application on the first communication partner 12 via the application-restricted authenticated connection 16 between the first communication partner 12 and the respective user application on the second communication partner 14. In this case, exchanging application-related access data between a user application on the second communication partner 14 and the server application on the first communication partner 12 is effected only on the initial connection set-up between the respective user application on the second communication partner 14 and the first communication partner 12.
FIG. 2 shows a method for providing an authenticated connection 16 between two communication partners 12, 14, which method begins with the following operations:
    • 36) Implementing a first user application on a second communication partner 14 of the at least two communication partners 12, 14; and
    • 38) Implementing a server application on a first communication partner 12 of the two communication partners 12, 14.
The first user application is a music reproduction application. The first communication partner 12 is embodied as a vehicle-internal device and the second communication partner 14 is embodied as a mobile terminal. So that secure communication between the first communication partner 12 and the second communication partner 14 can be effected, the following operation is performed:
    • 40) Carrying out an application-related pairing between the server application on the first communication partner 12 and the first user application on the second communication partner 14 for producing an application-restricted authenticated connection 16 between the first communication partner 12 and the first user application on the second communication partner 14.
After the application-related pairing between the server application on the first communication partner 12 and the first user application on the second communication partner 14 has been carried out, data can be exchanged between the server application on the first communication partner 12 and the first user application on the second communication partner 14, such that the following operation is performed:
    • 42) Exchanging first application-related access data between the first user application on the second communication partner 14 and the server application on the first communication partner 12 via the application-restricted authenticated connection 16 between the first communication partner 12 and the first user application on the second communication partner 14.
The first access data comprise an application-related user name and an application-related password. Exchanging the application-related access data between the first user application on the second communication partner 14 and the server application on the first communication partner 12 is effected only upon the initial connection set-up between the first user application on the second communication partner 14 and the first communication partner 12. So that this data exchange can be dispensed with upon the set-up of subsequent connections, the following operation is carried out:
    • 44) Storing the application-related access data exchanged between the first user application on the second communication partner 14 and the server application on the first communication partner 12 on a memory of the first communication partner 12.
Besides the first user application, which is a music reproduction application, a second user application, with which the user has access to an online social network, is likewise implemented on the second communication partner 14. To that end, the following operation is performed:
    • 46) Implementing a second user application on the second communication partner 14.
So that secure communication between the first communication partner 12 and the second communication partner 14 can be effected, the following operation is performed:
    • 48) Carrying out an application-related pairing between the server application on the first communication partner 12 and the second user application on the second communication partner 14 for producing an application-restricted authenticated connection 16 between the first communication partner 12 and the second user application on the second communication partner 14.
After the application-related pairing between the server application on the first communication partner 12 and the second user application on the second communication partner 14 has been carried out, data can be exchanged between the server application on the first communication partner 12 and the second user application on the second communication partner 14, such that the following operation is performed:
    • 50) Exchanging second application-related access data between the second user application on the second communication partner 14 and the server application on the first communication partner 12 via the application-restricted authenticated connection 16 between the first communication partner 12 and the second user application on the second communication partner 14.
The second access data likewise comprise an application-related user name and an application-related password. Exchanging the application-related access data between the second user application on the second communication partner 14 and the server application on the first communication partner 12 is likewise effected only upon the initial connection set-up between the second user application on the second communication partner 14 and the first communication partner 12. So that this data exchange can be dispensed with upon the set-up of subsequent connections, the following operation is carried out:
    • 52) Storing the application-related access data exchanged between the second user application on the second communication partner 14 and the server application on the first communication partner 12 on a memory of the first communication partner 12.
After the connection between the first communication partner 12 and the second communication partner 14 has been interrupted, for example, because a user of the second communication partner 14, embodied as a mobile terminal, has left the vehicle 34 in which the first communication partner 12 is installed, an accelerated connection set-up between the first user application on the second communication partner 14 and the server application on the first communication partner 12 and also between the second user application on the second communication partner 14 and the server application on the first communication partner 12 can be effected. To that end, the following operations are performed:
    • 54) Identifying the second communication partner 14 by the server application on the first communication partner 12; and
    • 56) Identifying the first user application and second user application implemented on the second communication partner 14 by the server application on the first communication partner 12.
After the first user application and the second user application on the second communication partner have been identified, the following operations can be carried out for accelerated connection set-up:
    • 58) Checking, by the server application on the first communication partner 12, whether an application-related pairing between the server application on the first communication partner 12 and the first user application and the second user application on the second communication partner 14 for producing an application-restricted authenticated connection 16 between the first communication partner 12 and the respective user application on the second communication partner 14 has already taken place; and
    • 60) Retrieving stored application-related access data from the memory of the first communication partner 12 for producing an application-restricted authenticated connection 16 between the first communication partner 12 and the respective user application on the second communication partner 14.
By virtue of carrying out an application-related pairing between a server application on a first communication partner and a user application on a second communication partner, the disclosed embodiments allow a coupling at the application level, such that the application-limited communication is independent of the protection of the communication channel between the communication partners.
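Operations 40 to 60 can be sketched as a pairing registry keyed by (device, user application), shown here as an added Python example that is not code from the patent. The per-pairing key, the HMAC challenge-response and every name (`ServerApplication`, `proof`, `run_demo`, the identifiers and credentials) are assumptions for illustration; the patent itself only states that pairing, storage and retrieval are scoped to the individual user application.

```python
import hashlib
import hmac
import secrets


def proof(key: bytes, nonce: bytes, device_id: str, app_id: str) -> bytes:
    """Bind the response to one nonce and one (device, application) pair."""
    msg = b"|".join([nonce, device_id.encode(), app_id.encode()])
    return hmac.new(key, msg, hashlib.sha256).digest()


class ServerApplication:
    """Server application on the first communication partner (vehicle device)."""

    def __init__(self):
        self._pairings = {}      # (device_id, app_id) -> pairing key (assumed)
        self._access_data = {}   # (device_id, app_id) -> stored access data
        self._nonces = set()     # outstanding single-use challenges

    def pair(self, device_id, app_id, confirmed_on_both_devices):
        """Operations 40/48: pairing is scoped to exactly one user application."""
        if not confirmed_on_both_devices:
            raise PermissionError("pairing information not confirmed")
        key = secrets.token_bytes(32)
        self._pairings[(device_id, app_id)] = key
        return key  # delivered to the user application during pairing

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._nonces.add(nonce)
        return nonce

    def connect(self, device_id, app_id, nonce, response, access_data=None):
        """Operations 42/44 on first connect, 54 to 60 on every later connect."""
        if nonce not in self._nonces:
            raise PermissionError("unknown or replayed challenge")
        self._nonces.discard(nonce)
        scope = (device_id, app_id)            # operations 54 and 56
        key = self._pairings.get(scope)        # operation 58
        if key is None:
            raise PermissionError("no pairing for this application")
        if not hmac.compare_digest(response, proof(key, nonce, device_id, app_id)):
            raise PermissionError("proof does not match this pairing")
        if scope not in self._access_data:     # initial connection set-up
            if access_data is None:
                raise ValueError("access data required on initial connection")
            self._access_data[scope] = dict(access_data)   # operations 44/52
            return "initial", self._access_data[scope]
        return "resumed", self._access_data[scope]         # operation 60


def run_demo():
    srv = ServerApplication()
    dev = "phone-1"                            # constructed identifiers
    k_music = srv.pair(dev, "music", True)
    creds = {"user": "alice", "password": "constructed-secret"}

    n = srv.challenge()
    first = srv.connect(dev, "music", n, proof(k_music, n, dev, "music"), creds)
    n = srv.challenge()
    again = srv.connect(dev, "music", n, proof(k_music, n, dev, "music"))

    def denied(app, key, nonce):
        try:
            srv.connect(dev, app, nonce, proof(key, nonce, dev, app))
        except PermissionError as exc:
            return str(exc)
        return None

    unpaired = denied("social", k_music, srv.challenge())   # device known, app not
    srv.pair(dev, "social", True)
    wrong_key = denied("social", k_music, srv.challenge())  # music key, social scope
    replay = denied("music", k_music, n)                    # nonce already used
    return first, again, unpaired, wrong_key, replay


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

The rejected cases show the practical consequence of application-level coupling: a paired music application neither grants the social-network application a connection nor lets its key stand in for that application's pairing.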
LIST OF REFERENCE SIGNS
  • 10 Communication system
  • 12 First communication partner
  • 14 Second communication partner
  • 16 Connection
  • 18 Computing unit
  • 20 Communication module
  • 22 Display device
  • 24 Actuation device
  • 26 Computing unit
  • 28 Communication module
  • 30 Display device
  • 32 Actuation device
  • 34 Vehicle
  • 36-60 Method operations

Claims (13)

The invention claimed is:
1. A method for providing an authenticated connection between at least two communication partners, the method comprising:
implementing a server application on a first communication partner of the at least two communication partners;
implementing a first user application on a second communication partner of the at least two communication partners;
carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner;
exchanging first application-related access data between the first user application on the second communication partner and the server application on the first communication partner via the application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner, wherein the first access data comprise a certificate;
implementing an additional user application on the second communication partner; and
carrying out an application-related pairing between the server application on the first communication partner and the additional user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the additional user application on the second communication partner.
2. The method of claim 1, further comprising: exchanging second application-related access data between the additional user application on the second communication partner and the server application on the first communication partner via the application-restricted authenticated connection between the first communication partner and the additional user application on the second communication partner.
3. The method of claim 1, wherein exchanging application-related access data between a user application on the second communication partner and the server application on the first communication partner is effected only upon the initial connection set-up between the respective user application on the second communication partner and the first communication partner.
4. The method of claim 1, further comprising:
storing the application-related access data exchanged between a user application on the second communication partner and the server application on the first communication partner on a memory of the first communication partner.
5. The method of claim 1, further comprising a plurality or all of the following:
identifying the second communication partner by the server application on the first communication partner;
identifying the user application implemented on the second communication partner by the server application on the first communication partner;
checking, by the server application on the first communication partner, whether an application-related pairing between the server application on the first communication partner and a user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the user application on the second communication partner has already taken place; and
retrieving stored application-related access data from the memory of the first communication partner in response to an application-related pairing between the server application on the first communication partner and a user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the user application on the second communication partner has taken place.
6. The method of claim 1, wherein the first access data comprise an application-related user name and/or an application-related password.
7. The method of claim 1, wherein carrying out an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner, the method further comprising:
displaying application-related pairing information on the first communication partner;
displaying application-related pairing information on the second communication partner;
confirming the application-related pairing information on the first communication partner by a user; and
confirming the application-related pairing information on the second communication partner by a user.
8. The method of claim 1, wherein the first communication partner is a vehicle-internal device and/or the second communication partner is a mobile terminal.
9. A communication system, comprising:
at least two communication partners,
wherein a server application is installed on a first communication partner of the at least two communication partners and a first user application is installed on a second communication partner of the at least two communication partners,
wherein the communication system is configured so an application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner is carried out in response to the server application being implemented on the first communication partner and the first user application being implemented on the second communication partner;
wherein the communication system is configured to exchange first application-related access data between the first user application on the second communication partner and the server application on the first communication partner via the application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner, wherein the first access data comprise a certificate; and
wherein an additional user application is installed on the second communication partner and the communication system is configured so an application-related pairing between the server application on the first communication partner and the additional user application on the second communication partner for producing an application-restricted authenticated connection between the first communication partner and the additional user application on the second communication partner is carried out in response to the server application being implemented on the first communication partner and the additional user application being implemented on the second communication partner.
10. The communication system of claim 9, wherein the communication system is configured to exchange second application-related access data between the additional user application on the second communication partner and the server application on the first communication partner via the application-restricted authenticated connection between the first communication partner and the additional user application on the second communication partner.
11. The communication system of claim 9, wherein the first communication partner comprises a memory, wherein the first communication partner is configured to store the application-related access data exchanged between a user application on the second communication partner and the server application on the first communication partner on the memory.
12. The communication system of claim 9, wherein the first communication partner is a vehicle-internal device and/or the second communication partner is a mobile terminal.
13. The communication system of claim 9, wherein the communication system is configured to perform a method for providing the authenticated connection between the at least two communication partners, the method comprising:
implementing the server application on a first communication partner of the at least two communication partners;
implementing the first user application on a second communication partner of the at least two communication partners;
carrying out the application-related pairing between the server application on the first communication partner and the first user application on the second communication partner for producing the application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner; and
exchanging first application-related access data between the first user application on the second communication partner and the server application on the first communication partner via the application-restricted authenticated connection between the first communication partner and the first user application on the second communication partner, wherein the first access data comprise the certificate.
US15/660,164 2016-07-26 2017-07-26 Method for providing an authenticated connection between at least two communication partners Active US10204231B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US16/257,505 US10762222B2 (en) 2016-07-26 2019-01-25 Method for providing an authenticated connection between at least two communication partners
US16/916,247 US10936737B2 (en) 2016-07-26 2020-06-30 Method for providing an authenticated connection between at least two communication partners

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE102016213701 2016-07-26
DE102016213701.8 2016-07-26
DE102016213701 2016-07-26

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/257,505 Continuation US10762222B2 (en) 2016-07-26 2019-01-25 Method for providing an authenticated connection between at least two communication partners

Publications (2)

Publication Number Publication Date
US20180032743A1 US20180032743A1 (en) 2018-02-01
US10204231B2 US10204231B2 (en) 2019-02-12

Family

ID=59350647

Family Applications (3)

Application Number Title Priority Date Filing Date
US15/660,164 Active US10204231B2 (en) 2016-07-26 2017-07-26 Method for providing an authenticated connection between at least two communication partners
US16/257,505 Active US10762222B2 (en) 2016-07-26 2019-01-25 Method for providing an authenticated connection between at least two communication partners
US16/916,247 Active US10936737B2 (en) 2016-07-26 2020-06-30 Method for providing an authenticated connection between at least two communication partners

Country Status (4)

Country Link
US (3) US10204231B2 (en)
EP (1) EP3277010B1 (en)
KR (1) KR102018424B1 (en)
CN (1) CN107659408B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102022204365A1 (en) 2022-05-03 2023-11-09 Psa Automobiles Sa Activation of a vehicle function offered by the vehicle

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060015722A1 (en) 2004-07-16 2006-01-19 Geotrust Security systems and services to provide identity and uniform resource identifier verification
US20060123226A1 (en) * 2004-12-07 2006-06-08 Sandeep Kumar Performing security functions on a message payload in a network element
DE102005023544A1 (en) 2005-05-21 2006-12-07 Bayerische Motoren Werke Ag Connection of personal terminals to the communication system of a motor vehicle
US20110210820A1 (en) 2010-02-26 2011-09-01 Gm Global Technology Operations, Inc. Multiple near field communication tags in a pairing domain
US20130232136A1 (en) * 2012-03-05 2013-09-05 Audi Ag Method for providing at least one service with at least one item of formatted assessment information associated with a data record
US20140187149A1 (en) 2012-12-27 2014-07-03 Victor B. Lortz Uri-based host to mobile device setup and pairing
US20140196023A1 (en) 2013-01-04 2014-07-10 Design Net Technical Products, Inc. System and method to create and control a software appliance
US20140196111A1 (en) 2011-12-29 2014-07-10 Vijay Sarathi Kesavan Secured electronic device
DE102013201624A1 (en) 2013-01-31 2014-07-31 Bayerische Motoren Werke Aktiengesellschaft Method for transmitting data from mobile terminal to function of vehicle, involves determining data, which is transmitted to function of vehicle, where position of mobile terminal is determined with respect to location
US20140244723A1 (en) * 2011-12-27 2014-08-28 Michelle X. Gong Systems and methods for cross-layer secure connection set up
US20150339334A1 (en) 2012-06-23 2015-11-26 Audi Ag Method for entering identification data of a vehicle into a user database of an internet server device
DE102014225808A1 (en) 2014-08-25 2016-02-25 Hyundai Motor Company Bluetooth pairing system and procedure

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013021632A (en) * 2011-07-14 2013-01-31 Denso Corp Vehicle communication system, mobile communication terminal and vehicle apparatus
CN103619077A (en) * 2013-11-26 2014-03-05 深圳市诺威达科技有限公司 Method for sharing WIFI of mobile terminal
US9876594B1 (en) * 2016-07-12 2018-01-23 Ford Global Technologies, Llc Accessing infotainment system using non-paired devices

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Search Report for European Patent Application No. 17180651.6; dated Nov. 30, 2017.

Also Published As

Publication number Publication date
US20190156046A1 (en) 2019-05-23
EP3277010B1 (en) 2021-12-08
CN107659408B (en) 2021-08-13
EP3277010A1 (en) 2018-01-31
US10762222B2 (en) 2020-09-01
KR20180012230A (en) 2018-02-05
US20200334366A1 (en) 2020-10-22
US20180032743A1 (en) 2018-02-01
CN107659408A (en) 2018-02-02
KR102018424B1 (en) 2019-09-04
US10936737B2 (en) 2021-03-02

Legal Events

Date Code Title Description
AS Assignment

Owner name: VOLKSWAGEN AG, GERMANY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WINKELVOS, TIMO;TSCHACHE, ALEXANDER;WUSCHKE, MARTIN;SIGNING DATES FROM 20170612 TO 20170724;REEL/FRAME:044025/0090

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4